Linux program/script

  • Thread starter Deleted member 88227

I remember there being a Linux script/program of some sort that would read logs; if it saw xx failed logins from a single IP address, it would temp ban that IP for xx time.

Anyone know the name of it and is it still a good way to prevent brute login?

Basically my server is getting hammered by people trying to brute force FTP logins. I get emailed the log daily, so I usually just manually ban those IPs but most of the time I don't think it's doing any good. Once they've tried multiple times they probably move on, I'd like to nab them after like 3 failed attempts, then have their IP banned for like a month or something.
 
I use fail2ban on my server. Just install it via your package manager, and then there's a simple config file you can edit. I have mine set to temporarily ban an IP if the password for SSH or Apache is incorrectly entered 3 times.
 
Reading the docs on it now. Thanks. Pretty sure this wasn't the same program/script I used to use back in the day but if it does what I need, no biggie. :D
 
Sweet. Seems to be pretty straightforward on the install and setup. Got it running on my test box and managed to get myself banned from it. Waiting for it to unban me now. Forgot to check how long that is. HAHA, I think I remember the default being like 600 seconds or so.
 
Well got it running on the main box, had to edit one of the filter.d files for pure-ftpd because it wasn't finding the failed logins. Once I made the correction, I'm banned from just the FTP for 600 seconds. Now... time to do some math for a day ban.
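The count-then-ban behaviour this thread describes (3 failed FTP logins from one IP, then a one-day ban expressed in seconds), as an added example that is not part of the original posts and is not fail2ban's own code. It is a simplified model: the pure-ftpd log line format, the 600-second counting window, the `find_bans` name and the sample log are assumptions, and running a filter regex over real log lines like this is a quick way to see why a filter "isn't finding the failed logins".

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed pure-ftpd syslog line for a failed login; compare with your own log.
FAIL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ pure-ftpd(?:\[\d+\])?: "
    r"\(.+?@(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\) \[WARNING\] "
    r"Authentication failed for user \[.*\]\s*$"
)
MAXRETRY = 3                                  # failures before a ban
FINDTIME = timedelta(seconds=600)             # counting window (assumed value)
BANTIME = timedelta(seconds=24 * 60 * 60)     # one day = 86400 seconds

# Constructed sample log; hostname, users and addresses are made up.
SAMPLE_LOG = [
    "Mar 14 03:10:01 web1 pure-ftpd: (?@203.0.113.7) [WARNING] Authentication failed for user [admin]",
    "Mar 14 03:10:05 web1 pure-ftpd: (?@203.0.113.7) [WARNING] Authentication failed for user [root]",
    "Mar 14 03:10:06 web1 pure-ftpd: (?@198.51.100.9) [WARNING] Authentication failed for user [bob]",
    "Mar 14 03:10:09 web1 pure-ftpd: (?@203.0.113.7) [WARNING] Authentication failed for user [test]",
    "Mar 14 03:10:12 web1 pure-ftpd: (?@203.0.113.7) [WARNING] Authentication failed for user [ftp]",
    "Mar 14 03:30:00 web1 pure-ftpd: (?@198.51.100.9) [WARNING] Authentication failed for user [bob]",
    "Mar 14 03:31:00 web1 pure-ftpd: (bob@198.51.100.9) [INFO] bob is now logged in",
]

def find_bans(lines, year=2024):
    """Return (ip, banned_at, banned_until) for each ban the log would trigger."""
    failures = defaultdict(deque)   # ip -> timestamps of recent failures
    banned_until = {}
    bans = []
    for line in lines:
        m = FAIL_RE.match(line)
        if not m:
            continue                # not a failed login (or the regex is wrong)
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip = m["ip"]
        if ts < banned_until.get(ip, datetime.min):
            continue                # still banned; a firewall would drop this
        window = failures[ip]
        window.append(ts)
        while ts - window[0] > FINDTIME:
            window.popleft()        # forget failures older than the window
        if len(window) >= MAXRETRY:
            banned_until[ip] = ts + BANTIME
            bans.append((ip, ts, ts + BANTIME))
            window.clear()
    return bans

if __name__ == "__main__":
    for ip, start, end in find_bans(SAMPLE_LOG):
        print(f"ban {ip} from {start} until {end}")
```

The legitimate user at 198.51.100.9 is not banned because the two failures fall outside the same counting window, which is the trade-off to weigh before widening that window or lengthening the ban.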
 
If you can stand to change to a non-standard port, these issues usually disappear completely. Fail2ban is more secure though.
 
That's what I do with SSH, but for FTP I'd rather not go through the hassle since others use FTP for the sites I host for them; but since I'm the only one with shell access to the server I just change the port.

So far it's working like a charm.
 
denyhosts is another.
configserver firewall (csf for short) also has this ability.